Investigation into Iran-Linked Cyberattack Uncovers Malicious File
Malicious File Identified in Investigation into Iran-Linked Stryker Attack
Stryker Corporation has provided an update on its ongoing investigation into a recent cyberattack attributed to the Iran-linked hacking group Handala.
Key Findings:
- A malicious file was discovered during the investigation, although it is unclear whether this file was the primary mechanism used by the attackers.
- The company emphasized that its investigation did not identify any instances of ransomware or malware on its systems.
- Stryker disputes Handala’s claim of wiping over 200,000 devices, citing evidence suggesting the attackers exploited its Microsoft Intune instance to remotely manage desktop and mobile endpoints.
According to Stryker, “The malicious file was not designed to spread beyond the compromised systems.”
Impact and Response:
- The disruption caused by the attack affected various aspects of Stryker’s operations, including order processing, manufacturing, and shipping.
- The company has made significant progress in restoring impacted systems and has implemented enhanced security protocols to prevent future attacks.
According to the FBI, “Handala and similar groups often utilize masquerading malware and command-and-control servers hosted on platforms like Telegram.”
Stryker confirms cooperation with US government agencies and continues to work with experts to ensure the integrity of its systems.
